[chore(deps-hardhat)]: Bump @openzeppelin/hardhat-upgrades from 3.9.1 to 4.0.0 in /packages/hardhat

[dependabot]

Bumps @openzeppelin/hardhat-upgrades from 3.9.1 to 4.0.0.

Release notes

Sourced from @​openzeppelin/hardhat-upgrades's releases.

@​openzeppelin/hardhat-upgrades@​4.0.0

• Migrate to Hardhat 3 with ESM module structure and plugin hooks architecture. (#1241)

  Breaking Changes

  • Requires Hardhat 3: minimum hardhat@^3.6.0 required.
  • ESM-only: package converted to ESM; CommonJS is no longer supported.
  • API Changes:
    • No automatic hre.upgrades — call the upgrades(hre, connection) factory explicitly.
    • Factory functions (upgrades, defender) are async and require a network connection.
    • Network connection must be explicitly created: const connection = await hre.network.connect(). Share one connection across operations.
    • ethers now comes from the connection (const { ethers } = connection), not hre.ethers.
  • Import Changes: import factory functions instead of a side-effect import.
    • Before: import '@openzeppelin/hardhat-upgrades'
    • After: import { upgrades, defender } from '@openzeppelin/hardhat-upgrades'

  Usage and Migration

  See the README for Hardhat 3 usage, the examples directory for sample projects, and the Migration Guide for Hardhat 2 to 3 migration steps.

  Changes

  • Migrated from extendEnvironment to Hardhat 3's HardhatPlugin with hookHandlers.
  • Converted package to ESM.
  • Etherscan verification requires @nomicfoundation/hardhat-verify@^3.0.10 (optional peer dependency).
  • Support Solidity tests in Hardhat 3 with @openzeppelin/foundry-upgrades.
  • Added example projects for Hardhat 3 (Transparent, UUPS, and Solidity-test scaffolds under packages/plugin-hardhat/examples/).

• Updated dependencies [7f3e4c6, 668f70c]:

  • @​openzeppelin/upgrades-core@​1.45.0

@​openzeppelin/hardhat-upgrades@​4.0.0-alpha.0

Note ⚠️ This version is still in testing. Do not use it to deploy or upgrade production deployments.

• Migrate to Hardhat 3 with ESM module structure and plugin hooks architecture. (#1194)

  Breaking Changes

  • Requires Hardhat 3: Minimum hardhat@^3.0.0 required
  • ESM-only: Package converted to ESM, CommonJS no longer supported
  • API Changes:
    • No automatic hre.upgrades - must call factory function explicitly
    • Factory functions are async: await upgrades(hre, connection)
    • Network connection must be explicitly created: await hre.network.connect()
    • ethers now comes from connection, not hre.ethers
  • Import Changes: Import factory functions instead of side-effect import
    • Before: import '@openzeppelin/hardhat-upgrades'
    • After: import { upgrades, defender } from '@openzeppelin/hardhat-upgrades'

  Usage and Migration

... (truncated)

Commits

• 6c5ef4e Fix plugin publish: force tsc rebuild so core/dist is always built (#1252)
• 843676b Fix publish: skip yarn engine check on the Node 24 job (#1251)
• 6f0a7fd Prepare Release (#1237)
• ca28356 Publish via npm OIDC trusted publishing, avoid submodule checkout in changese...
• 169e977 Update Foundry submodule (#1249)
• 23f9c46 Remove executable permission from script (#1248)
• 668f70c Support Hardhat 3 in Hardhat Upgrades (#1241)
• 7f3e4c6 chore: Add Arbitrum Sepolia (chainId 421614) to the known network list (#1236)
• 9e96af3 Prepare Release (#1197)
• 4f86e33 Add Celo Sepolia to manifest filenames (#1189)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​openzeppelin/hardhat-upgrades since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, hardhat, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
aeternum	Ready	Preview, Comment	Jun 2, 2026 3:47am

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #394.